
Practical Algebraic Attack on DAGS

  • Conference paper
  • Code-Based Cryptography (CBC 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11666)

Abstract

The DAGS scheme is a key encapsulation mechanism (KEM) based on quasi-dyadic alternant codes that was submitted to the NIST standardization process for a quantum-resistant public-key algorithm. Recently, an algebraic attack devised by Barelli and Couvreur (Asiacrypt 2018) efficiently recovers the private key. It shows that DAGS can be totally cryptanalysed by solving a system of bilinear polynomial equations. However, some sets of DAGS parameters were not broken in practice. In this paper we improve the algebraic attack by showing that the original approach was not optimal in terms of the ratio of the number of equations to the number of variables. Contrary to the common belief that reducing the number of variables in a polynomial system at any cost is always beneficial, we actually observed that, provided this ratio is increased and up to a threshold, the solving can be heavily improved by adding variables to the polynomial system. This enables us to recover the private keys in a few seconds. Furthermore, our experiments also show that the maximum degree reached during the computation of the Gröbner basis is an important parameter that explains the efficiency of the attack. Finally, the authors of DAGS updated the parameters to take into account the algebraic cryptanalysis of Barelli and Couvreur. In the present article, we propose a hybrid approach that performs an exhaustive search on some variables and computes a Gröbner basis on the polynomial system involving the remaining variables. We then show that the updated set of parameters corresponding to 128-bit security can be broken with \(2^{83}\) operations.


Notes

  1. It was observed experimentally in [8] that the inclusion is in fact an equality most of the time.

References

  1. Banegas, G., et al.: DAGS: key encapsulation using dyadic GS codes. J. Math. Cryptology 12(4), 221–239 (2018)
  2. Banegas, G., et al.: DAGS: key encapsulation for dyadic GS codes, specifications v2, September 2018
  3. Banegas, G., et al.: DAGS: key encapsulation for dyadic GS codes, November 2017. First round submission to the NIST post-quantum cryptography call. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/DAGS.zip
  4. Bardet, M., Faugère, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: International Conference on Polynomial System Solving, ICPSS 2004, Paris, France, 24–26 November 2004, pp. 71–75 (2004)
  5. Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic behaviour of the degree of regularity of semi-regular quadratic polynomial systems. In: MEGA 2005, Eighth International Symposium on Effective Methods in Algebraic Geometry, Porto Conte, Alghero, Sardinia, Italy, 27 May–1 June 2005, p. 15 (2005)
  6. Bardet, M., et al.: BIGQUAKE, November 2017. NIST Round 1 submission for Post-Quantum Cryptography. https://bigquake.inria.fr
  7. Barelli, É.: On the security of some compact keys for McEliece scheme. In: WCC Workshop on Coding and Cryptography, September 2017
  8. Barelli, É., Couvreur, A.: An efficient structural attack on NIST submission DAGS. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 93–118. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03326-2_4
  9. Berger, T.P., Cayrel, P.-L., Gaborit, P., Otmani, A.: Reducing key length of the McEliece cryptosystem. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 77–97. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02384-2_6
  10. Bernstein, D.J., et al.: Classic McEliece: conservative code-based cryptography, November 2017. First round submission to the NIST post-quantum cryptography call
  11. Bernstein, D.J., Lange, T., Peters, C.: Wild McEliece. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 143–158. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_10
  12. Bettale, L., Faugère, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptology 3(3), 177–197 (2009)
  13. Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system I: the user language. J. Symbolic Comput. 24(3/4), 235–265 (1997)
  14. Couvreur, A., Gaborit, P., Gauthier-Umaña, V., Otmani, A., Tillich, J.-P.: Distinguisher-based attacks on public-key cryptosystems using Reed-Solomon codes. Des. Codes Crypt. 73(2), 641–666 (2014)
  15. Couvreur, A., Otmani, A., Tillich, J.-P.: Polynomial time attack on wild McEliece over quadratic extensions. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 17–39. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_2
  16. Couvreur, A., Otmani, A., Tillich, J.-P.: Polynomial time attack on wild McEliece over quadratic extensions. IEEE Trans. Inform. Theory 63(1), 404–427 (2017)
  17. Faugère, J.-C., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.-P.: Structural weakness of compact variants of the McEliece cryptosystem. In: 2014 IEEE International Symposium on Information Theory (ISIT), Honolulu, July 2014, pp. 1717–1721 (2014)
  18. Faugère, J.-C., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.-P.: Folding alternant and Goppa codes with non-trivial automorphism groups. IEEE Trans. Inform. Theory 62(1), 184–198 (2016)
  19. Faugère, J.-C., Otmani, A., Perret, L., de Portzamparc, F., Tillich, J.-P.: Structural cryptanalysis of McEliece schemes with compact keys. Des. Codes Crypt. 79(1), 87–112 (2016)
  20. Faugère, J.-C., Otmani, A., Perret, L., Tillich, J.-P.: Algebraic cryptanalysis of McEliece variants with compact keys. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 279–298. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_14
  21. Faugère, J.-C., Perret, L., de Portzamparc, F.: Algebraic attack against variants of McEliece with Goppa polynomial of a special form. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 21–41. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_2
  22. Faugère, J.-C., El Din, M.S., Spaenlehauer, P.-J.: Gröbner bases of bihomogeneous ideals generated by polynomials of bidegree (1,1): algorithms and complexity. J. Symbolic Comput. 46(4), 406–437 (2011)
  23. Gaborit, P.: Shorter keys for code based cryptography. In: Proceedings of the 2005 International Workshop on Coding and Cryptography (WCC 2005), Bergen, March 2005, pp. 81–91 (2005)
  24. Gauthier, V., Otmani, A., Tillich, J.-P.: A distinguisher-based attack of a homomorphic encryption scheme relying on Reed-Solomon codes. CoRR abs/1203.6686 (2012)
  25. Gauthier, V., Otmani, A., Tillich, J.-P.: A distinguisher-based attack on a variant of McEliece's cryptosystem based on Reed-Solomon codes. CoRR abs/1204.6459 (2012)
  26. McEliece, R.J.: A public-key system based on algebraic coding theory. DSN Progress Report 44, pp. 114–116. Jet Propulsion Lab (1978)
  27. Misoczki, R., Barreto, P.: Compact McEliece keys from Goppa codes. In: Selected Areas in Cryptography, Calgary, Canada, 13–14 August 2009
  28. Otmani, A., Kalachi, H.T.: Square code attack on a modified Sidelnikov cryptosystem. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E.M. (eds.) C2SI 2015. LNCS, vol. 9084, pp. 173–183. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18681-8_14
  29. Wieschebrink, C.: Cryptanalysis of the Niederreiter public key scheme based on GRS subcodes. In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 61–72. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12929-2_5


Acknowledgements

This work has been supported by the French ANR projects MANTA (ANR-15-CE39-0013) and CBCRYPT (ANR-17-CE39-0007). The authors are extremely grateful to Élise Barelli for kindly giving her Magma code and for helpful discussions.

Author information

Corresponding author: Magali Bardet.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Bardet, M., Bertin, M., Couvreur, A., Otmani, A. (2019). Practical Algebraic Attack on DAGS. In: Baldi, M., Persichetti, E., Santini, P. (eds.) Code-Based Cryptography. CBC 2019. Lecture Notes in Computer Science, vol. 11666. Springer, Cham. https://doi.org/10.1007/978-3-030-25922-8_5


  • DOI: https://doi.org/10.1007/978-3-030-25922-8_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-25921-1

  • Online ISBN: 978-3-030-25922-8
